Viral activity coming from an IP in your network.

Linux Advanced Routing and Traffic Control

Hi, my name is Grant Taylor.  I am a subscriber to the LARTC mail list lartc@xxxxxxxxxxxxxxxx.  The LARTC mail list has been plagued with viral email coming from changing IPs in one of your subnets.  Based on the fact that the WhoIs information below says that the subnet in question is a dial up pool, this would explain the changing IPs.  In less than 6 days the list has received 14 viral emails infected with Win32.Bagle.AE or Zip.Bagle (depending on the type of attachment).  Would it be possible to contact the dial up user from the times listed below (from the Received: headers in the emails) and ask them to make sure that Bagle is not on their system, or to clean it if it is infected?  I'm not out to get anyone in trouble; I would just like the viral email to stop being sent to our mail list and to the world.  :)



Grant Taylor
Systems Administrator
Riverview Technologies Inc.
601 West Business Loop 70
Suite 109
Columbia MO  65203-2546
United States of America

Phone:  (USA) (573) 442-7151
Fax:    (USA) (573) 442-3062
eMail:  gtaylor@xxxxxxxxxxxxxxxxx
       postmaster@xxxxxxxxxxxxxxxxx


Below are the pertinent headers out of each email message:
----------------------------------------------------------

Received: from jai.com (unknown [202.56.216.56])
	by outpost.ds9a.nl (Postfix) with SMTP id B9B363FDD
	for <LARTC@xxxxxxxxxxxxxxx>; Sat, 16 Apr 2005 10:46:35 +0200 (CEST)

Received: from jai.org (unknown [202.56.213.69])
	by outpost.ds9a.nl (Postfix) with SMTP id 094074089
	for <LARTC@xxxxxxxxxxxxxxx>; Sat, 16 Apr 2005 20:53:49 +0200 (CEST)

Received: from jai.org (unknown [202.56.213.69])
	by outpost.ds9a.nl (Postfix) with SMTP id 094074089
	for <LARTC@xxxxxxxxxxxxxxx>; Sat, 16 Apr 2005 20:53:49 +0200 (CEST)

Received: from jai.com (unknown [202.56.213.75])
	by outpost.ds9a.nl (Postfix) with SMTP id 107143FBB
	for <LARTC@xxxxxxxxxxxxxxx>; Mon, 18 Apr 2005 06:52:46 +0200 (CEST)

Received: from jai.com (unknown [202.56.213.75])
	by outpost.ds9a.nl (Postfix) with SMTP id 107143FBB
	for <LARTC@xxxxxxxxxxxxxxx>; Mon, 18 Apr 2005 06:52:46 +0200 (CEST)

Received: from jai.com (unknown [202.56.213.97])
	by outpost.ds9a.nl (Postfix) with SMTP id 08CDF4494
	for <LARTC@xxxxxxxxxxxxxxx>; Mon, 18 Apr 2005 18:15:25 +0200 (CEST)

Received: from jai.net (unknown [202.56.220.176])
	by outpost.ds9a.nl (Postfix) with SMTP id 262E2443A
	for <LARTC@xxxxxxxxxxxxxxx>; Mon, 18 Apr 2005 22:33:40 +0200 (CEST)

Received: from jai.org (unknown [202.56.216.31])
	by outpost.ds9a.nl (Postfix) with SMTP id 29D894013
	for <LARTC@xxxxxxxxxxxxxxx>; Tue, 19 Apr 2005 00:55:09 +0200 (CEST)

Received: from jai.org (unknown [202.56.216.31])
	by outpost.ds9a.nl (Postfix) with SMTP id 29D894013
	for <LARTC@xxxxxxxxxxxxxxx>; Tue, 19 Apr 2005 00:55:09 +0200 (CEST)

Received: from jai.com (unknown [202.56.216.47])
	by outpost.ds9a.nl (Postfix) with SMTP id 2418240EB
	for <LARTC@xxxxxxxxxxxxxxx>; Tue, 19 Apr 2005 20:47:00 +0200 (CEST)

Received: from jai.org (unknown [202.56.216.39])
	by outpost.ds9a.nl (Postfix) with SMTP id BA4C740F9
	for <LARTC@xxxxxxxxxxxxxxx>; Wed, 20 Apr 2005 09:41:21 +0200 (CEST)

Received: from jai.com (unknown [202.56.213.171])
	by outpost.ds9a.nl (Postfix) with SMTP id 02BC43FD6
	for <LARTC@xxxxxxxxxxxxxxx>; Wed, 20 Apr 2005 16:09:46 +0200 (CEST)

Received: from jai.com (unknown [202.56.220.3])
	by outpost.ds9a.nl (Postfix) with SMTP id B4D4840D3
	for <LARTC@xxxxxxxxxxxxxxx>; Thu, 21 Apr 2005 19:49:10 +0200 (CEST)


Below is WhoIs information on the subnet block that the IPs that sent the viral emails are in:
----------------------------------------------------------------------------------------------
inetnum:      202.56.216.0 - 202.56.216.128
netname:      BHARTI-IN
descr:        Infrastructer
descr:        Dail Up Pool for Touchnet Haryana
descr:        Bharti Infotel Ltd.
descr:        234 , Okhla Phase III
descr:        New Delhi
descr:        India
country:      IN
admin-c:      NA40-AP
tech-c:       NA40-AP
mnt-by:       MAINT-IN-BBIL
status:       ASSIGNED NON-PORTABLE
changed:      techsupport@xxxxxxxxxx 20040206
source:       APNIC

route:        202.56.192.0/18
descr:        BHARTI-IN
descr:        BHARTI INFOTEL LTD.
descr:        Class A ISP in INDIA .
descr:        234 , OKHLA PHASE III ,
descr:        NEW DELHI
descr:        INDIA
country:      IN
origin:       AS9498
mnt-by:       MAINT-IN-BBIL
changed:      hm-changed@xxxxxxxxx 20050201
source:       APNIC

person:       Network Administrator
nic-hdl:      NA40-AP
e-mail:       techsupport@xxxxxxxxxx
address:      Bharti Infotel Ltd.
address:      ISP Division - Long Distance - Telesonic
address:      234 ,
address:      Okhla Ind. Area,
address:      Phase III
address:      New Delhi,
address:      INDIA-110020
phone:        +91-11- 5171 0131
fax-no:       +91-11- 5171 1050
country:      IN
changed:      techsupport@xxxxxxxxxx 20040911
mnt-by:       MAINT-IN-BBIL
source:       APNIC
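The report above is built by hand from Received: headers and WHOIS objects; as an added example (not part of the original message), the following Python does the same triage automatically: it parses headers in the shape quoted above, collapses a message quoted twice (same Postfix queue id) into one event, converts the CEST timestamps to UTC for the abuse desk, and tags each source IP with the WHOIS object that covers it. The sample headers and the list address `list.invalid` are constructed placeholders; the netblocks are the inetnum range and route prefix quoted above.

```python
import re
import ipaddress
from datetime import timezone
from email.utils import parsedate_to_datetime

# Constructed sample in the shape of the headers quoted in the report (list
# address replaced by a placeholder); the second message is quoted twice.
SAMPLE = """\
Received: from jai.com (unknown [202.56.216.56])
	by outpost.ds9a.nl (Postfix) with SMTP id B9B363FDD
	for <LARTC@list.invalid>; Sat, 16 Apr 2005 10:46:35 +0200 (CEST)
Received: from jai.org (unknown [202.56.213.69])
	by outpost.ds9a.nl (Postfix) with SMTP id 094074089
	for <LARTC@list.invalid>; Sat, 16 Apr 2005 20:53:49 +0200 (CEST)
Received: from jai.org (unknown [202.56.213.69])
	by outpost.ds9a.nl (Postfix) with SMTP id 094074089
	for <LARTC@list.invalid>; Sat, 16 Apr 2005 20:53:49 +0200 (CEST)
"""

HEADER_RE = re.compile(
    r"Received: from (?P<helo>\S+) \(unknown \[(?P<ip>[\d.]+)\]\)\s+"
    r"by \S+ \(Postfix\) with SMTP id (?P<qid>\w+)\s+"
    r"for <[^>]+>; (?P<date>[^\n]+)")

# WHOIS objects quoted in the report: the dial-up pool (an address range) and the route (CIDR).
DIALUP_POOL = list(ipaddress.summarize_address_range(
    ipaddress.ip_address("202.56.216.0"), ipaddress.ip_address("202.56.216.128")))
ROUTE = ipaddress.ip_network("202.56.192.0/18")

def scope_of(ip):
    """Name the narrowest WHOIS object covering ip, or 'other'."""
    ip = ipaddress.ip_address(ip)
    if any(ip in net for net in DIALUP_POOL):
        return "dialup-pool"
    return "as9498-route" if ip in ROUTE else "other"

def parse_received(text):
    """One (utc_time, ip, helo, scope) record per distinct Postfix queue id."""
    records = {}
    for m in HEADER_RE.finditer(text):
        if m["qid"] in records:        # same queue id: the same message quoted twice
            continue
        stamp = re.sub(r"\s*\(\w+\)$", "", m["date"])   # drop the "(CEST)" comment
        when = parsedate_to_datetime(stamp).astimezone(timezone.utc)
        records[m["qid"]] = (when, m["ip"], m["helo"], scope_of(m["ip"]))
    return list(records.values())

def report_lines(text):
    return [f"{when:%Y-%m-%d %H:%M:%S} UTC  {ip}  HELO={helo}  {scope}"
            for when, ip, helo, scope in parse_received(text) if scope != "other"]
```

`report_lines(SAMPLE)` yields one line per distinct message inside the ISP's address space, which is exactly the "time and IP" list an abuse contact needs to match against dial-up session logs.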
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
